Comments

I’m guessing this required a small measure of co-operation from the phone’s owner.

Still it does point to another possible point of failure for FaceID:

What if a pickpocket steals your phone, then shouts, “Hey you!”

When you turn around, he takes a 3D scan of your face, a picture of your eyes and a mould of your nose, before running off.

Now, with access silicon casting apparatus, a 3D printer and a reasonably talented portrait artist, he now has access to your phone until you reach can reach a computer to brick it … which will probably take you about an hour.

By the time the camera focused on my face, I will have closed the distance between us and have begun pummeling said pickpocket with fists and elbows. Then I would smash my iPhone into his face repeatedly until it unlocks.

I call this as total BS, and if not I bet he ID'd the mask and unlocked with real face.

Does it really matter? FaceID is still better than anything else on the market today. Samsung's first try at this was foiled with a simple photograph of the person's face. What this video doesn't show is how many attempts they made before they got it right. In practice, this just isn't going to be possible--either they'll lock the phone out permanently and force an erase or have to try so many iterations it just won't be feasible. Also, how likely is this to work without a good, multi-angle set of photographs of the person and/or physical access to the person, in which case the person has probably been kidnapped and has more to worry about than his phone being unlocked.
Either way, it shouldn't cause too much alarm as anyone who knows anything about security will tell you that all bets are off if the bad guy has physical access to the hardware (macOS single user mode, anyone?).

There’s a video on YouTube with a special camera that shows the dots and it obviously looks like 1st gen tech that can be improved.

Most definitely.

Meanwhile, Samsung will go one step further. I can’t say too much, NDAs and all that, but I can tell you that the new Samsung biometric system will blow FaceID out of the water.

It’s going to be called CheekSwabID and is much more convenient when used in conjunction with Samsung Pay. You approach the NFC terminal, put your phone in your mouth and give it a good wipe around. Take your phone out of your mouth and tap it against the terminal. Voila!

It will also allow you to make emojis based on your gums. Gumojis are the next big thing. You read it here first!

"The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. "
So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone?
Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.

Apple puts a tiny 3D scanner on their phone and you don't think it is possible for someone else to develop an inconspicuous 3D scanner that can be used to copy people's faces without them knowing it? Such a device will probably be ubiquitous in a few years and 3D printers are already in the mass market. The rest of the process can probably be streamlined quite a bit.

"The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. "
So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone?
Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.

Apple puts a tiny 3D scanner on their phone and you don't think it is possible for someone else to develop an inconspicuous 3D scanner that can be used to copy people's faces without them knowing it? Such a device will probably be ubiquitous in a few years and 3D printers are already in the mass market. The rest of the process can probably be streamlined quite a bit.

It’s not the scanner, it’s the algorithms used to encode the scanned images from the specific hardware/firmware on the iPhone X.

It's FAKE come on guys!!! Face ID isn't activated... can't see the lock symbol animation working properly.100% publicity stunt buy Bkav Corp to garner some attention.Looks like app overlay or most likely video overlay. Not sure what he is doing with his left hand and why screen lights up before he even touches it?

Plus, wouldn't the device automatically turn on its display and unlock as soon as he removes the scarf from the mask if it was suppose to work?

I haven’t had Face ID work like that. I thought I had read that the phone would check to see if I was looking at it and then wake up and unlock, but so far for me nothing. I’ve checked Settings to see if there was something I missed, but as far as I can tell there isn’t.

One option is “Require Attention for Face ID”, which will only unlock if I’m looking. I think that requires the display to have been woken already, it says it’s an additional layer of protection. Another option is “Attention Aware Features”, where “TrueDepth Camera will check for attention before dimming the display or lowering the volume of alerts.”

Other than those two options everything is basically the same as it was for Touch ID, with the exception of Safari auto-fill.

"The security firm, Bkav, claims this proves facial recognition is "not mature enough" for either smartphones or computers, having previously bypassed safeguards on some laptops. "
So if someone steals my phone, and they just happen to have a 3D model of my face as well as a high resolution photo that they can overlay on top of it on order to construct a 3D model that is close enough to be able to trick Face ID, they might be able to get into my phone?
Give me a fucking break. "Not mature enough" my ass. The scenario they're depicting is unlikely to happen even once for any of the hundreds of millions of users that will own this phone.

Apple puts a tiny 3D scanner on their phone and you don't think it is possible for someone else to develop an inconspicuous 3D scanner that can be used to copy people's faces without them knowing it? Such a device will probably be ubiquitous in a few years and 3D printers are already in the mass market. The rest of the process can probably be streamlined quite a bit.

As face recognition improves, expect methods to defeat it to improve. Maybe 3-D printed masks with blinking eyes and some facial movement, a la Disney audioanimatronics.

I have to question if the time/expense/effort required is worth it. Anyone requiring more security probably already has bodyguards.

I suspect that Apple is conservative in its use FaceID hardware... For example: Likely, the hardware is capable of using more than 30,000 dots as identification points, but Apple uses the 30,000 spec because it is faster and more than good enough for now.

IMHO, FaceID has great[er] potential other than a component to unlock your phone. For example:

airport checkin

buying a gun

renting a truck from Home Depot

In these cases a non-iphone FaceID component would scan the person's face and create a digital faceprint that would be matched against a central database to prove that you are who you are supposed to be. Certainly, it would be illogical to scan anyone wearing a mask.

It's FAKE come on guys!!! Face ID isn't activated... can't see the lock symbol animation working properly.100% publicity stunt buy Bkav Corp to garner some attention.Looks like app overlay or most likely video overlay. Not sure what he is doing with his left hand and why screen lights up before he even touches it?

Good observation about the lock symbol - agreed. This article is a waste of AI readers' time

Good compromise -- Apple doesn't have to build a backdoor (so long as Law Enforcement avoids a headshot).

Do you believe in this bullshit? The Vietnamese in Mainland are famous for creating fake news and cheating. Same as those in China. Nothing new! They even claim to cure cancers by feeding you a piece of herbs...yeah, still Vietnam has highest rate of cancer deaths! Enough said!

I do. While these tests are ultimately unimportant for normal users, I am curious to have the limitations mapped out.

Not sure this does much to identify the limits, except for Apple, which might then do a bit more refining to strengthen the machine learning algos, which I’ll bet they’ll be doing regardless over the next year/years. So just as someone thinks they grok the limits better than Apple already outlined them (has to see your eyes, nose and mouth) Apple might toss in an unreleased curveball in an update. Back to square one for the hackers.

You don't see how or why security firms and gov't agencies would want to know if a technology is secure and how secure it is?

The same goes for passcode-based systems, even though we can use math to figure out the possible outcomes. For example, how many people will use “password” if that’s allowed, commonalities of PIN combinations, and even bugs in SW or logic issues with password recovery that can lead to bypassing a system.

For instance, if law enforcement was better at their jobs they probably could've accessed the Plano, TX shooter's phone with ease.

Why do you do this? Why do you take a comment made about a very specific scenario and assume it applies to a broad topic? Are you asking me to delete your comments? If so, just ask me, “Radar, please delete my comment because I going to put words into someone’s mouth.” Or is it your personality to go right to hyperbole? Please tell us, as some here would really like to know which it is.

I do. While these tests are ultimately unimportant for normal users, I am curious to have the limitations mapped out.

Not sure this does much to identify the limits, except for Apple, which might then do a bit more refining to strengthen the machine learning algos, which I’ll bet they’ll be doing regardless over the next year/years. So just as someone thinks they grok the limits better than Apple already outlined them (has to see your eyes, nose and mouth) Apple might toss in an unreleased curveball in an update. Back to square one for the hackers.

You don't see how or why security firms and gov't agencies would want to know if a technology is secure and how secure it is?

The same goes for passcode-based systems, even though we can use math to figure out the possible outcomes. For example, how many people will use “password” if that’s allowed, commonalities of PIN combinations, and even bugs in SW or logic issues with password recovery that can lead to bypassing a system.

For instance, if law enforcement was better at their jobs they probably could've accessed the Plano, TX shooter's phone with ease.

Why do you do this? Why do you take a comment made about a very specific scenario and assume it applies to a broad topic? Are you asking me to delete your comments? If so, just ask me, “Radar, please delete my comment because I going to put words into someone’s mouth.” Or is it your personality to go right to hyperbole? Please tell us, as some here would really like to know which it is.

1) The topic is security. If you don't understand that going into an article about a company saying they can bypass Face ID then your blind trust in a single company making a claim is ridiculous. Independent research, empirical data, and testable theories are what matter.

2) Care to explain how the Plano, TX shooter's phone is hyperbole when it's literally a current topic in the media right now?

Wow, thats so elaborate schme to steal my 999 phone....by that time you made my 3D face, that phone had been brick already....lost phone. Some company wants to make their names by elaborate schemes to dirt put others, go make names for your self by preventing cyber attacks maybe ill share you my money.

Obviously this could be used to target someone and have a 3D image of their face already made.

Wow, thats so elaborate schme to steal my 999 phone....by that time you made my 3D face, that phone had been brick already....lost phone. Some company wants to make their names by elaborate schemes to dirt put others, go make names for your self by preventing cyber attacks maybe ill share you my money.

Obviously this could be used to target someone and have a 3D image of their face already made.

1) We've seen that sci-fi for at least a couple decades, and now that's certainly a real possibility with Face ID being much harder to crack than previous face recognition systems and 3D printers being commonplace, but I think the likelihood is still extremely low since it requires stealing the device, a great deal of tech knowledge, and some sort of reward that warrants it.

2) 3D printers to make the face or a mold are the obviously choices here, but imagine if there was a system of movable points over a flexible exterior that could take IR scan data and within a few seconds adjust an attached mechanical face. Speed being key, you may even be able to snag the device, break into it so steal some data or install an app, go to a website that will exploit a bug to where you jailbreak the device for further snooping, or even send a message out that you then delete which could set that person up for a crime they didn't commit before you return the device without them being the wiser. We saw something like this in The Thomas Crown Affair, to name just one, where his keys were taken from his jacket, a copy of his house key was made, and the keys returned before they thought he knew. I'd still say this concept is still in the realm of spy movie or TV show over real life, but I wouldn't be surprised to see something like that being used in some future storyline.